author | Joel Sing <jsing@cvs.openbsd.org> | 2016-10-19 16:38:41 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2016-10-19 16:38:41 +0000 |
commit | f3bc295f2ff330c4669a0f7f2a9d0edddb042a55 (patch) | |
tree | e9d762d6cadb1457325cb45749b399a77b965781 /lib/libssl/ssl_locl.h | |
parent | 5fc2a970b60b1a41734ce64c6aaaf8536ded6e80 (diff) |
Remove support for fixed ECDH cipher suites - these are not widely supported
and more importantly they do not provide PFS (if you want to use ECDH, use
ECDHE instead).
With input from guenther@.
ok deraadt@ guenther@
Diffstat (limited to 'lib/libssl/ssl_locl.h')
-rw-r--r-- | lib/libssl/ssl_locl.h | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 2a521fe26a3..1b768e3939a 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.129 2016/04/28 16:39:45 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.130 2016/10/19 16:38:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -255,8 +255,6 @@
 /* Bits for algorithm_mkey (key exchange algorithm) */
 #define SSL_kRSA 0x00000001L /* RSA key exchange */
 #define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
-#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
-#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
 #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
 #define SSL_kGOST 0x00000200L /* GOST key exchange */
@@ -264,11 +262,9 @@
 #define SSL_aRSA 0x00000001L /* RSA auth */
 #define SSL_aDSS 0x00000002L /* DSS auth */
 #define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
-#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
 #define SSL_aECDSA 0x00000040L /* ECDSA auth*/
 #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
-
 /* Bits for algorithm_enc (symmetric encryption) */
 #define SSL_DES 0x00000001L
 #define SSL_3DES 0x00000002L |